Vulnerabilities > CVE-2004-1655 - Input Validation vulnerability in PHPWebSite
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | phpWebsite 0.7.3/0.8.x/0.9.x Comment Module CM_pid XSS. CVE-2004-1655. Webapps exploit for php platform |
| id | EDB-ID:24425 |
| last seen | 2016-02-02 |
| modified | 2004-09-01 |
| published | 2004-09-01 |
| reporter | GulfTech Security |
| source | https://www.exploit-db.com/download/24425/ |
| title | phpWebsite 0.7.3/0.8.x/0.9.x Comment Module CM_pid XSS |
References
- http://marc.info/?l=bugtraq&m=109413493005513&w=2
- http://secunia.com/advisories/12438
- http://securitytracker.com/id?1011120
- http://www.gulftech.org/?node=research&article_id=00048-08312004
- http://www.phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=822
- http://www.securityfocus.com/bid/11088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17203